OWASP attack categories

What is the name of the domain?

s4k.com

What is the error message?

No error

What is the issue you’re encountering?

I’m being asked by a client which OWASP attack categories our WAF policy provides protection against. I cannot find a list of OWASP categories that the managed rules protect against.

What steps have you taken to resolve the issue?

I’ve looked through documentation and searched the Community for an answer.

What is the current SSL/TLS setting?

Off

I assume you’ve already seen this documentation, but I’ll link it here just in case:

You can also browse the OWASP rules in your dashboard.
For security reasons, we don’t provide specific rule patterns to prevent potential exploitation.

Thanks – yes, I have seen those documents.

Where can I find the OWASP rules in my dashboard?

OWASP core ruleset is available for pro plans and up, so if you have a paid subscription, you can find them under Security > WAF > Managed Rules > Cloudflare OWASP Core Ruleset > Browse rules (this button is at the bottom of the page).

Thank you – that was helpful.

I found some rules were tagged with capec-IDs in the rules (https://capec.mitre.org/data/definitions/659.html). Do you have any tips on how I can see if OWASP categories not mentioned by their capec-ID are covered?

For instance, Server Side Include (SSI) Injection (101-capec).
